On Fri, Mar 30, 2007 at 08:03:11PM +0200, Moritz Augustin wrote: > I would also like to see the option disabled by default, because I think most > of the users dealing with Kerberos authentication issues know about the > neccessary config parts. > People (like me) are wondering why connecting to local servers (without DNS) > is that slow. 10 seconds per connection attempt.
I think it may be slightly unfair to blame GSSAPIAuthentication for this. It happens that ssh does a reverse DNS lookup on the GSSAPIAuthentication path, but that's essentially incidental, and it doesn't seem to me that it would be fundamentally impossible to fix. It's compounded by the presence of avahi and the fact that its reverse DNS lookups are very slow, of course; one solution that was suggested to me was to change this line in /etc/nsswitch.conf: hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 ... to: hosts: files mdns4_minimal [NOTFOUND=return] dns I would like to avoid the extra reverse DNS lookup if possible, though. I looked into the source and couldn't entirely see what was going on, as a chunk of it was buried in the bowels of krb5. Russ, do you have any ideas here? -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
